CVE-2025-3835

Опубликовано: 09 июн. 2025

Источник: nvd

CVSS3: 9.6

EPSS Низкий

Описание

Zohocorp ManageEngine Exchange Reporter Plus versions 5721 and prior are vulnerable to Remote code execution in the Content Search module.

Ссылки

https://www.manageengine.com/products/exchange-reports/advisory/CVE-2025-3835.html
Vendor Advisory

Уязвимые конфигурации

Конфигурация 1

Одно из

cpe:2.3:a:zohocorp:manageengine_exchange_reporter_plus:*:*:*:*:*:*:*:*

Версия до 5.7 (исключая)

cpe:2.3:a:zohocorp:manageengine_exchange_reporter_plus:5.7:-:*:*:*:*:*:*

cpe:2.3:a:zohocorp:manageengine_exchange_reporter_plus:5.7:5700:*:*:*:*:*:*

cpe:2.3:a:zohocorp:manageengine_exchange_reporter_plus:5.7:5701:*:*:*:*:*:*

cpe:2.3:a:zohocorp:manageengine_exchange_reporter_plus:5.7:5702:*:*:*:*:*:*

cpe:2.3:a:zohocorp:manageengine_exchange_reporter_plus:5.7:5703:*:*:*:*:*:*

cpe:2.3:a:zohocorp:manageengine_exchange_reporter_plus:5.7:5704:*:*:*:*:*:*

cpe:2.3:a:zohocorp:manageengine_exchange_reporter_plus:5.7:5705:*:*:*:*:*:*

cpe:2.3:a:zohocorp:manageengine_exchange_reporter_plus:5.7:5706:*:*:*:*:*:*

cpe:2.3:a:zohocorp:manageengine_exchange_reporter_plus:5.7:5707:*:*:*:*:*:*

cpe:2.3:a:zohocorp:manageengine_exchange_reporter_plus:5.7:5708:*:*:*:*:*:*

cpe:2.3:a:zohocorp:manageengine_exchange_reporter_plus:5.7:5709:*:*:*:*:*:*

cpe:2.3:a:zohocorp:manageengine_exchange_reporter_plus:5.7:5710:*:*:*:*:*:*

cpe:2.3:a:zohocorp:manageengine_exchange_reporter_plus:5.7:5711:*:*:*:*:*:*

cpe:2.3:a:zohocorp:manageengine_exchange_reporter_plus:5.7:5712:*:*:*:*:*:*

cpe:2.3:a:zohocorp:manageengine_exchange_reporter_plus:5.7:5713:*:*:*:*:*:*

cpe:2.3:a:zohocorp:manageengine_exchange_reporter_plus:5.7:5714:*:*:*:*:*:*

cpe:2.3:a:zohocorp:manageengine_exchange_reporter_plus:5.7:5715:*:*:*:*:*:*

cpe:2.3:a:zohocorp:manageengine_exchange_reporter_plus:5.7:5717:*:*:*:*:*:*

cpe:2.3:a:zohocorp:manageengine_exchange_reporter_plus:5.7:5718:*:*:*:*:*:*

cpe:2.3:a:zohocorp:manageengine_exchange_reporter_plus:5.7:5719:*:*:*:*:*:*

cpe:2.3:a:zohocorp:manageengine_exchange_reporter_plus:5.7:5720:*:*:*:*:*:*

cpe:2.3:a:zohocorp:manageengine_exchange_reporter_plus:5.7:5721:*:*:*:*:*:*

EPSS

Процентиль: 68%

0.00581

Низкий

9.6 Critical

CVSS3

Дефекты

CWE-434

Связанные уязвимости

GHSA-r7f5-84f4-jjx8

CVSS3: 9.6

github

8 месяцев назад

Zohocorp ManageEngine Exchange Reporter Plus versions 5721 and prior are vulnerable to Remote code execution in the Content Search module.

BDU:2025-06704

CVSS3: 9.6

fstec

8 месяцев назад

Уязвимость модуля Content Searchпрограммного средства мониторинга, анализа и создания отчетов Zohocorp ManageEngine Exchange Reporter Plus, позволяющая нарушителю выполнить произвольный код

EPSS

Процентиль: 68%

0.00581

Низкий

9.6 Critical

CVSS3

Дефекты

CWE-434